CVE-2000-0881

LPPlus - Unauthenticated Arbitrary File Read via dccscan Setuid Program

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0881. PoCs published by Dixie Flatline.

AI-analyzed exploit summary This exploit leverages a suid-root binary (`dccscan`) to print files without read access, effectively bypassing file permissions. It demonstrates an information leak by allowing unprivileged users to print restricted files to a printer.

Description

The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Dixie Flatline · textlocalunix
https://www.exploit-db.com/exploits/20193

This exploit leverages a suid-root binary (`dccscan`) to print files without read access, effectively bypassing file permissions. It demonstrates an information leak by allowing unprivileged users to print restricted files to a printer.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: LPPlus (likely on SunOS 5.6)
No auth needed
Prerequisites: Access to a system with vulnerable `dccscan` binary · Printer configured in the system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5201
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1644

Scores

EPSS 0.0087
EPSS Percentile 54.1%

Details

Status published
Products (2)
plus_technologies/lpplus 3.2.2
plus_technologies/lpplus 3.3
Published Nov 14, 2000
Tracked Since Feb 18, 2026